Two new ISO 3730X standards boost compliance management

ISO has just released two pivotal new additions to the 37301 compliance management family:

• ISO 37302:2025 – Compliance management systems — Guidance for the evaluation of effectiveness
• ISO 37303:2025 – Compliance management systems — Guidance for competence management

ISO 37302: Guidance for the evaluation of effectiveness

Overview
Published in July 2025, ISO 37302 provides a structured framework of principles, metrics, and methodologies for assessing the effectiveness of compliance management systems in achieving their intended outcomes.

Key Highlights

• Comprehensive Scope: Applicable to all types of organizations, this framework provides a robust evaluation without altering existing compliance requirements.
• Indicator-Based Approach: Introduces a clearly defined set of qualitative and quantitative indicators across three dimensions:
  • Policy & Procedures
  • Conduct & Culture
  • Results & Impacts
• Five-Level Maturity Scale: From basic process existence (Level 1) to fully integrated, continuously improving systems (Level 5).
• Anchored in PDCA & ISO 37301: Designed to support monitoring, measurement, analysis, evaluation, and management reviews as prescribed by ISO 37301.

Why it matters
ISO 37302 provides organizations with the metrics and methods they need to move beyond mere compliance checklists—to evidence-based assessment and continuous improvement. It transforms compliance from a static obligation into a dynamic strategic asset.

ISO 37303: Guidance for competence management

Overview
Also released in July 2025, ISO 37303 provides practical guidance on building and sustaining the competencies required to meet an organization’s compliance objectives. It complements ISO 37301 by focusing squarely on people—what they must know, do, and experience to drive a robust compliance culture.

Key Highlights

• Scope & Applicability: Applicable to organizations of all types—public, private, non‑profit, large or small.
• Competence Dimensions: Introduces a four‑dimensional model—personal, methodological, technical, and social competencies.
• Process Integration: Follows the PDCA cycle (“Plan, Do, Check, Act”) to embed competence management in compliance systems.
• Third-party Inclusion: Addresses not only internal personnel but also key third parties whose actions can impact compliance.

Why it matters
By focusing on who carries out compliance processes—what they should know and how they behave—ISO 37303 strengthens the human foundation of compliance systems. It’s a powerful tool for fostering accountability, trust, and integrity across organizational boundaries.

A Complete System: From Competence to Effectiveness

Together, ISO 37303 and ISO 37302 fill two crucial gaps in the compliance journey:

Phase	ISO 37303 – Competence	ISO 37302 – Effectiveness
Focus	Building the right human capabilities	Measuring outcomes and system maturity
Approach	Competence model + workforce development	Indicator-based evaluation + maturity scale
Goal	Ensure people are equipped to comply	Demonstrate and enhance compliance performance

By combining the ‘who’ and the ‘how well’ of compliance, organizations can now implement a truly holistic ISO-aligned system.

Tips & Next Steps for Practitioners

1. Conduct a gap assessment: Identify current competency and maturity levels against ISO 37303 and ISO 37302 frameworks.
2. Define competencies: Map roles to the four competence dimensions—personal, methodological, technical, and social.
3. Implement evaluation metrics: Use the five-level maturity scale across three key dimensions to track progress.
4. Integrate with ISO 37301 PDCA cycle: Utilize competence development and evaluation outcomes to drive ongoing compliance improvement.

Final Thoughts

The release of ISO 37303 and ISO 37302 marks a significant leap forward in the standardization of compliance management. These standards are essential for organizations seeking to cultivate a resilient, ethics-driven culture and transition from reactive compliance to proactive excellence.
For StandardsHero readers, these are now must-download references for anyone shaping compliance strategies in 2025 and beyond.